package com.xvxingan.base.shiro;

import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.annotation.Resource;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authz.AuthorizationFilter;
import org.springframework.stereotype.Component;

import com.xvxingan.base.dao.BaseManager;

/****
 * shiro 认证 需要登录
 * @author Administrator
 *
 */
@Component
public class CustomRolesAuthorizationFilter extends AuthorizationFilter {
	@Resource
	private BaseManager baseManager;
	
	@Override
	protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception {
/* 		Subject subject = getSubject(request, response);
 		User user = (User) subject.getSession().getAttribute("currentUser");
 		String[] rolesArray = (String[]) mappedValue;

		if (rolesArray == null || rolesArray.length == 0) {
			return true;
		}
		//超级管理员 不受限制
		if(user.isSuper()){
			return true;
		}
		Map<String,Object> parameters = new HashMap<String,Object>();
		parameters.put("userId", user.getId());
		List<String> roleIds = this.baseManager.query("Role.getUserRoleIds", parameters);
		for (int i = 0; i < rolesArray.length; i++) {
			if(roleIds.contains(rolesArray[i])){
				return true;
			}
		}
		return false;*/
		return true;
	}
}